“Instead, security is a holistic approach to protection, prevention, and response, and it needs to encompass all aspects of technology.”

According to Mills, organisations should consider the following when implementing, updating, and enforcing their security policy:

1. External threats:

The sheer number of external threats is growing, and there’s absolutely nothing we can do about it, other than maintaining constant vigilance through a security policy that is constantly updated and enforced.

The speed at which threats are increasing is exponential. For instance, there are millions of malware variations that enterprises must defend against, but it’s difficult for signature-based malware detection to keep up.

There are more distributed denial-of-service (DDoS) attacks than ever before, and they vary widely; they can be highly targeted or generic, long in duration or short.

And they mutate; there’s a new breed of DDoS attacks that use Web servers as payload-carrying bots, which makes them even more damaging because of exponential performance increases.

And then there are application attacks, often targeted at financial systems, which can bring a company to its knees.

What’s even more problematic is that most organisations have already been breached - they just don’t know about it.

2. Internal threats:

Employees often leak data because security policies are not enforced. External threats are real and dangerous.

But internal threats can be just as common and just as damaging. Internal threats are often inadvertent, stemming from a lack of oversight, but they also come from disgruntled employees who leak sensitive data right after they’re fired.
